On Fri, Feb 09, 2018 at 11:40:29AM +0100, Richard Biener wrote: > > I.e., having to track all pointers to d between the call to > > strncpy and the assignment of the nul and make sure none of > > them ends up used in a string function. It didn't seem > > the additional complexity would have been worth the effort > > (or the likely false negatives). > > Well, I'd just walk immediate uses of the VDEF of the > strncpy call, not of the pointer argument. There will be exactly _one_ > possible > store (gimple_vdef () is non-NULL) that you need to verify (with using > the current matching > logic). But it'll skip non-store statements for you.
Well, it should also punt on the immediate uses of the VDEF that have NULL gimple_vdef and the alias oracle says that might alias with that, i.e. warn about say strncpy (p, ...); foo (p); p[whatever] = '\0'; where foo is pure, because it might read the unterminated string, but don't warn about strncpy (p, ...); x = *q; p[whatever] = '\0'; if q[0] can't alias with p. Or just warn if there are any immediate uses of the strncpy VDEF that have gimple_vdef NULL, or non-NULL and aren't the zero store you are looking for. Jakub